HQ/EMEAFind out how we can help your business
New investigations revealed that Toyota Italy has inadvertently leaked troves of sensitive data for over 18 months. Based on reports, the leak has exposed confidential information from its Mapbox APIs and Salesforce Marketing Cloud.
Researchers claimed that malicious actors could exploit the exposed data to acquire access to Toyota customers’ email addresses and phone numbers. These leaked details could allow the actors to execute targeted phishing campaigns toward affected clients.
The official Toyota Italy website stored the exposed data.
According to investigations, the researchers discovered an environment file stored on the official Toyota Italy website last month.
Toyota is one of the world’s largest vehicle manufacturing companies that has more than 350,000 employees and earns billions of annual revenues.
Furthermore, this car company directly employs over 25,000 people in Europe alone and operates about eight manufacturing infrastructures. The company stands in Italy for more than half a century, but researchers have yet to identify how big the impact could cause the country.
A recent tally disclosed that Toyota could earn nearly $2 billion this year and sell approximately 83,000 new units.
The researchers explained that the company leaked credentials from the Salesforce Marketing Cloud. This cloud environment provides analytics software and services, plus digital marketing automation.
If a malicious entity abuses the data, it could theoretically access email addresses and phone numbers and track information. Attackers could exploit the data to disseminate fake SMS messages and emails, alter and deploy marketing campaigns, generate automation scripts, send push notifications to Toyota’s clients, and edit content related to the Salesforce Marketing Cloud.
The Italy-based company has also leaked the Mapbox API tokens for querying map information. Researchers explained that the data within the Mapbox API is not as critical as the Salesforce Marketing data.
However, an attacker could still abuse the query to input numerous requests and increase the cost of API usage for Toyota.
Cybersecurity experts advise Toyota consumers to be wary of unwarranted communication and notifications since threat actors could have already accessed the sensitive information. Fortunately, researchers have yet to discover evidence regarding exploited data.
